layout to consensus
parent
cd7a830234
commit
2854caf80b
|
@ -101,6 +101,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
name = "bitcrypto"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"bn 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"primitives 0.1.0",
|
||||
"rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"siphasher 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
|
@ -746,6 +747,7 @@ dependencies = [
|
|||
name = "network"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"bitcrypto 0.1.0",
|
||||
"chain 0.1.0",
|
||||
"lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"primitives 0.1.0",
|
||||
|
@ -1467,7 +1469,6 @@ version = "0.1.0"
|
|||
dependencies = [
|
||||
"bitcrypto 0.1.0",
|
||||
"blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc.git?branch=persona)",
|
||||
"bn 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"byteorder 1.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"chain 0.1.0",
|
||||
"db 0.1.0",
|
||||
|
|
|
@ -7,3 +7,4 @@ authors = ["debris <marek.kotewicz@gmail.com>"]
|
|||
rust-crypto = "0.2.36"
|
||||
siphasher = "0.1.1"
|
||||
primitives = { path = "../primitives" }
|
||||
bn = "0.4"
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
extern crate crypto as rcrypto;
|
||||
extern crate primitives;
|
||||
extern crate siphasher;
|
||||
extern crate bn;
|
||||
|
||||
mod pghr13;
|
||||
|
||||
pub use rcrypto::digest::Digest;
|
||||
use std::hash::Hasher;
|
||||
|
@ -10,6 +13,11 @@ use rcrypto::ripemd160::Ripemd160;
|
|||
use siphasher::sip::SipHasher24;
|
||||
use primitives::hash::{H32, H160, H256};
|
||||
|
||||
pub use pghr13::{
|
||||
VerifyingKey as Pghr13VerifyingKey, Proof as Pghr13Proof, verify as pghr13_verify,
|
||||
G1, G2, Fr, Group,
|
||||
};
|
||||
|
||||
pub struct DHash160 {
|
||||
sha256: Sha256,
|
||||
ripemd: Ripemd160,
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
pub use bn::{Fr, G1, G2, Group};
|
||||
use bn::pairing;
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct VerifyingKey {
|
||||
pub a: G2,
|
||||
pub b: G1,
|
||||
pub c: G2,
|
||||
pub z: G2,
|
||||
pub gamma: G2,
|
||||
pub gamma_beta_1: G1,
|
||||
pub gamma_beta_2: G2,
|
||||
pub ic: Vec<G1>,
|
||||
}
|
||||
|
||||
impl ::std::fmt::Debug for VerifyingKey {
|
||||
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
|
||||
write!(f, "[Verifying Key: TODO]")
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct Proof {
|
||||
pub a: G1,
|
||||
pub a_prime: G1,
|
||||
pub b: G2,
|
||||
pub b_prime: G1,
|
||||
pub c: G1,
|
||||
pub c_prime: G1,
|
||||
pub k: G1,
|
||||
pub h: G1,
|
||||
}
|
||||
|
||||
pub fn verify(vk: &VerifyingKey, primary_input: &[Fr], proof: &Proof) -> bool {
|
||||
let p2 = G2::one();
|
||||
|
||||
// 1. compute accumulated input circuit (evaluate the polynomial)
|
||||
let mut acc = vk.ic[0];
|
||||
for (&x, &ic) in primary_input.iter().zip(vk.ic[1..].iter()) {
|
||||
acc = acc + (ic * x);
|
||||
}
|
||||
|
||||
// 2. check validity of knowledge commitments for A, B, C:
|
||||
pairing(proof.a, vk.a) == pairing(proof.a_prime, p2) &&
|
||||
pairing(vk.b, proof.b) == pairing(proof.b_prime, p2) &&
|
||||
pairing(proof.c, vk.c) == pairing(proof.c_prime, p2) &&
|
||||
|
||||
// 3. check same coefficients were used:
|
||||
pairing(proof.k, vk.gamma) ==
|
||||
pairing(acc + proof.a + proof.c, vk.gamma_beta_2) * pairing(vk.gamma_beta_1, proof.b) &&
|
||||
|
||||
// 4. check QAP divisibility
|
||||
pairing(acc + proof.a, proof.b) == pairing(proof.h, vk.z) * pairing(proof.c, p2)
|
||||
}
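Review bot: `verify` never checks that the number of public inputs matches the key: `vk.ic[0]` and `vk.ic[1..]` panic on an empty `ic`, and `primary_input.iter().zip(vk.ic[1..].iter())` silently truncates to the shorter side, so a proof presented with too few or too many inputs is checked against a partial input polynomial instead of being rejected. A verifier should fail closed here, for example by opening the function with `if vk.ic.len() != primary_input.len() + 1 { return false; }` before the accumulation. The `Debug` impl for `VerifyingKey` still prints `"[Verifying Key: TODO]"`, which hides the key material a reviewer would want when diagnosing a wrong key; either derive `Debug` or print at least `ic.len()`. A short `///` on `verify` naming the four checks (knowledge commitments for A/B/C, consistent coefficients via `gamma`, QAP divisibility via `z`) and the expected `ic.len() == primary_input.len() + 1` relation would make the contract explicit to callers in the consensus code.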
|
|
@ -8,4 +8,5 @@ lazy_static = "1.0"
|
|||
chain = { path = "../chain" }
|
||||
primitives = { path = "../primitives" }
|
||||
serialization = { path = "../serialization" }
|
||||
bitcrypto = { path = "../crypto" }
|
||||
rustc-hex = "2"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
use {Network, Magic, Deployment};
|
||||
use {Network, Magic, Deployment, crypto};
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
/// Parameters that influence chain consensus.
|
||||
|
@ -42,6 +42,24 @@ pub struct ConsensusParams {
|
|||
|
||||
/// Equihash (N, K) parameters.
|
||||
pub equihash_params: Option<(u32, u32)>,
|
||||
|
||||
/// Active key for pghr13 joinsplit verification
|
||||
pub joinsplit_verification_key: crypto::Pghr13VerifyingKey,
|
||||
}
|
||||
|
||||
fn mainnet_pghr_verification_key() -> crypto::Pghr13VerifyingKey {
|
||||
use crypto::{G1, G2, Group};
|
||||
|
||||
crypto::Pghr13VerifyingKey {
|
||||
a: G2::one(),
|
||||
b: G1::one(),
|
||||
c: G2::one(),
|
||||
z: G2::one(),
|
||||
gamma: G2::one(),
|
||||
gamma_beta_1: G1::one(),
|
||||
gamma_beta_2: G2::one(),
|
||||
ic: Vec::new(),
|
||||
}
|
||||
}
|
||||
|
||||
impl ConsensusParams {
|
||||
|
@ -66,6 +84,8 @@ impl ConsensusParams {
|
|||
pow_target_spacing: (2.5 * 60.0) as u32,
|
||||
|
||||
equihash_params: Some((200, 9)),
|
||||
|
||||
joinsplit_verification_key: mainnet_pghr_verification_key(),
|
||||
},
|
||||
Network::Testnet => ConsensusParams {
|
||||
network: network,
|
||||
|
@ -86,6 +106,8 @@ impl ConsensusParams {
|
|||
pow_target_spacing: (2.5 * 60.0) as u32,
|
||||
|
||||
equihash_params: Some((200, 9)),
|
||||
|
||||
joinsplit_verification_key: mainnet_pghr_verification_key(),
|
||||
},
|
||||
Network::Regtest => ConsensusParams {
|
||||
network: network,
|
||||
|
@ -106,6 +128,8 @@ impl ConsensusParams {
|
|||
pow_target_spacing: (2.5 * 60.0) as u32,
|
||||
|
||||
equihash_params: Some((200, 9)),
|
||||
|
||||
joinsplit_verification_key: mainnet_pghr_verification_key(),
|
||||
},
|
||||
Network::Unitest => ConsensusParams {
|
||||
network: network,
|
||||
|
@ -126,6 +150,8 @@ impl ConsensusParams {
|
|||
pow_target_spacing: (2.5 * 60.0) as u32,
|
||||
|
||||
equihash_params: None,
|
||||
|
||||
joinsplit_verification_key: mainnet_pghr_verification_key(),
|
||||
},
|
||||
}
|
||||
}
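Review bot: `mainnet_pghr_verification_key()` builds the key from generator points (`G1::one()`/`G2::one()`) with an empty `ic`, and that placeholder is wired as `joinsplit_verification_key` for Mainnet, Testnet, Regtest and Unitest alike; with `ic` empty, `crypto::pghr13_verify` would index `vk.ic[0]` and panic, and a key that is not the output of the actual trusted setup cannot make any verification result meaningful. Nothing in the hunk marks this as temporary, so it should carry a doc comment such as `/// Placeholder: all generators and an empty `ic`; not a real verifying key. Replace with the Sprout parameters before joinsplit verification is enabled.` and a `TODO` the build can be grepped for. Consider also documenting on the `joinsplit_verification_key` field that it currently must not be used for consensus-critical verification. The enclosing `impl ConsensusParams` continues across the later hunks of this file.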
|
||||
|
|
|
@ -4,6 +4,7 @@ extern crate lazy_static;
|
|||
extern crate chain;
|
||||
extern crate primitives;
|
||||
extern crate serialization;
|
||||
extern crate bitcrypto as crypto;
|
||||
extern crate rustc_hex as hex;
|
||||
|
||||
mod consensus;
|
||||
|
|
|
@ -18,7 +18,6 @@ network = { path = "../network" }
|
|||
storage = { path = "../storage" }
|
||||
bitcrypto = { path = "../crypto" }
|
||||
rustc-hex = "2"
|
||||
bn = "0.4"
|
||||
|
||||
[dev-dependencies]
|
||||
rand = "0.4"
|
||||
|
|
|
@ -72,8 +72,6 @@ extern crate bitcrypto as crypto;
|
|||
#[cfg(test)]
|
||||
extern crate db;
|
||||
|
||||
extern crate bn;
|
||||
|
||||
pub mod constants;
|
||||
mod canon;
|
||||
mod deployments;
|
||||
|
@ -84,7 +82,6 @@ mod sigops;
|
|||
mod timestamp;
|
||||
mod work;
|
||||
mod work_zcash;
|
||||
mod pghr13;
|
||||
|
||||
// pre-verification
|
||||
mod verify_block;
|
||||
|
|
|
@ -1,47 +0,0 @@
|
|||
extern crate bn;
|
||||
|
||||
use bn::{pairing, Fr, G1, G2, Group};
|
||||
|
||||
struct VerifyingKey {
|
||||
a: G2,
|
||||
b: G1,
|
||||
c: G2,
|
||||
z: G2,
|
||||
gamma: G2,
|
||||
gamma_beta_1: G1,
|
||||
gamma_beta_2: G2,
|
||||
ic: Vec<G1>,
|
||||
}
|
||||
|
||||
struct Proof {
|
||||
a: G1,
|
||||
a_prime: G1,
|
||||
b: G2,
|
||||
b_prime: G1,
|
||||
c: G1,
|
||||
c_prime: G1,
|
||||
k: G1,
|
||||
h: G1,
|
||||
}
|
||||
|
||||
fn verify(vk: &VerifyingKey, primary_input: &[Fr], proof: &Proof) -> bool {
|
||||
let p2 = G2::one();
|
||||
|
||||
// 1. compute accumulated input circuit
|
||||
let mut acc = vk.ic[0];
|
||||
for (&x, &ic) in primary_input.iter().zip(vk.ic[1..].iter()) {
|
||||
acc = acc + (ic * x);
|
||||
}
|
||||
|
||||
// 2. check validity of knowledge commitments for A, B, C:
|
||||
pairing(proof.a, vk.a) == pairing(proof.a_prime, p2) &&
|
||||
pairing(vk.b, proof.b) == pairing(proof.b_prime, p2) &&
|
||||
pairing(proof.c, vk.c) == pairing(proof.c_prime, p2) &&
|
||||
|
||||
// 3. check same coefficients were used:
|
||||
pairing(proof.k, vk.gamma) ==
|
||||
pairing(acc + proof.a + proof.c, vk.gamma_beta_2) * pairing(vk.gamma_beta_1, proof.b) &&
|
||||
|
||||
// 4. check QAP divisibility
|
||||
pairing(acc + proof.a, proof.b) == pairing(proof.h, vk.z) * pairing(proof.c, p2)
|
||||
}
|